1. Field of the Invention
The present invention relates to an account management system, a root-account management apparatus, a derived-account management apparatus, and a program that manage hierarchical accounts, and for example, to such a system, apparatuses and program capable of preventing a derived authentication element from becoming invalid even when the authentication element serving as its root becomes invalid.
2. Description of the Related Art
In recent years, physical resources such as specific physical domains, and information resources such as files and data, have come to be deployed in a widely distributed manner. In such a situation, an environment is known in which computers deployed at the physical resources and/or computers holding the information resources are connected through a network (hereinafter referred to as a wide-area distributed environment).
In this type of wide-area distributed environment, the threat of unauthorized entry into the physical resources and of leakage or theft of the information resources has increased. Against such threats, the importance of physical security systems and information security systems, which control access by a user to the physical resources and the information resources, has been growing.
In each security system, it is important to properly identify and authenticate a user in order to verify whether the user has a proper security attribute (authority or the like) for the access target.
In the physical security system, entry into a specific restricted area is controlled in accordance with the identity of the user. In the past, this type of control was realized by personal surveillance by a guard; in recent years it has been realized by an authentication method using information processing by a computer. Examples of such authentication methods are principal confirmation by possession authentication using a secure device such as a smart card, and/or biometric authentication based on biometric information. Control using such an authentication method is realized, for example, by confirming the principal by the authentication method and thereafter deciding whether the user has a proper security attribute, entry being controlled in accordance with the result of this decision.
The information security system controls access to specific files and data in accordance with the identity of the user. This type of control is realized using the authentication methods described above.
Moreover, security systems that provide such user authentication as a service have appeared. In such security systems, when an authentication element having a high degree of secrecy, such as biometric information, is handled, the authentication element is desirably managed independently of general services.
However, in the above-described security systems, the account of a user is often managed independently by each system. In this case, the user presents a physical identity document, such as a driver's license, an insurance card or an employee ID card, to the administrator of each security system in advance at the time of account registration.
The administrator of each security system decides the validity of the account registration based on the presented identity document. Performing this decision separately in every security system places a large burden on the system administrators and on the user.
Meanwhile, as an existing technique similar to account management, PKI (Public Key Infrastructure) and the public key certificate (X.509 certificate) are known (for example, refer to "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" by R. Housley, W. Polk, W. Ford, and D. Solo <URL: http://www.ietf.org/rfc/rfc3280.txt>). PKI is a framework in which a trusted third party (normally referred to as a Certificate Authority: CA) issues certificates in order to certify the identity of a user (individual or organization).
The third party holds a public key certificate, referred to as a root certificate (or CA certificate), for certifying identities. The third party generates a public key certificate for each user under this root certificate, that is, the user certificate is signed with the private key corresponding to the root certificate. The user can certify his or her own identity with such a public key certificate; for example, the user generates a digital signature using the secret key (or private key) corresponding to the public key contained in the public key certificate, and a verifier checks it against the certificate.
Aside from the public key certificate, an attribute certificate, which certifies only attribute information or the like and contains no public key, is known (for example, refer to "An Internet Attribute Certificate Profile for Authorization" by S. Farrell and R. Housley, <URL: http://www.ietf.org/rfc/rfc3281.txt>). The attribute certificate contains the attribute information together with the serial number (and issuer name) of a public key certificate identifying its holder, and is given a digital signature that binds it to that public key certificate (under RFC 3281 the signature is that of the attribute certificate issuer, which need not be the holder's own key). That is, the attribute certificate is generated by being derived from the public key certificate.
In the case where derived authentication elements (for example, attribute certificates) are generated based on an authentication element serving as a root (in the example, the public key certificate) as described above, if the root authentication element becomes invalid (for instance through expiry or revocation), all the derived authentication elements become invalid as well and need to be regenerated. However, in the case of the public key certificate and the attribute certificate, the validity term (or survival cycle term) of the public key certificate as the root authentication element is longer than that of the attribute certificate as the derived authentication element, and thus the impact of the regeneration is small.
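The dependency described above, as an added example that is not part of the original specification: a minimal Python model of a root certificate, a user public key certificate issued under it, and attribute certificates bound to the user certificate by serial number, with a validity check that walks the chain and a query for the derived elements that must be regenerated once a root becomes invalid. It deliberately omits signatures and parsing; a `revoked` flag stands in for a CRL entry, the names (`PublicKeyCert`, `AttributeCert`, `acs_needing_regeneration`), the serial numbers and the dates are all constructed for the illustration, and the 10-year / 2-year / 30-day terms are assumptions chosen to show why a short derived term limits the regeneration burden.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class PublicKeyCert:
    """Simplified X.509-style public key certificate (constructed model, not a parser)."""
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime
    issuer_serial: Optional[int]   # None for a self-signed root (trust anchor)
    revoked: bool = False          # stands in for a CRL entry


@dataclass
class AttributeCert:
    """Simplified RFC 3281 attribute certificate: no public key, bound to a PKC by serial number."""
    serial: int
    holder_pkc_serial: int         # holder.baseCertificateID.serial in RFC 3281 terms
    attributes: Dict[str, str]
    not_before: datetime
    not_after: datetime


def in_term(not_before: datetime, not_after: datetime, at: datetime) -> bool:
    """True when `at` lies inside the [not_before, not_after] validity term."""
    return not_before <= at <= not_after


def pkc_valid(pkcs: Dict[int, PublicKeyCert], serial: int, at: datetime, _depth: int = 0) -> bool:
    """A PKC is valid only if it and every PKC above it in the chain are unrevoked and in term."""
    pkc = pkcs.get(serial)
    if pkc is None or pkc.revoked or not in_term(pkc.not_before, pkc.not_after, at):
        return False
    if pkc.issuer_serial is None:  # reached the trust anchor
        return True
    if _depth > 16:                # defensive bound against a malformed cyclic chain
        return False
    return pkc_valid(pkcs, pkc.issuer_serial, at, _depth + 1)


def ac_valid(pkcs: Dict[int, PublicKeyCert], ac: AttributeCert, at: datetime) -> bool:
    """Derived element: valid only while its own term holds AND its root PKC chain is valid."""
    return in_term(ac.not_before, ac.not_after, at) and pkc_valid(pkcs, ac.holder_pkc_serial, at)


def acs_needing_regeneration(pkcs: Dict[int, PublicKeyCert], acs: List[AttributeCert],
                             at: datetime) -> List[int]:
    """Serials of ACs still inside their own term whose root has become invalid: these must be reissued.
    ACs that have already expired on their own are not counted, which is why a short derived term
    keeps the regeneration burden small."""
    return [ac.serial for ac in acs
            if in_term(ac.not_before, ac.not_after, at)
            and not pkc_valid(pkcs, ac.holder_pkc_serial, at)]


T0 = datetime(2024, 1, 1)  # constructed reference time


def day(n: int) -> datetime:
    """Constructed point in time: n days after T0."""
    return T0 + timedelta(days=n)


def build_sample():
    """Constructed hierarchy: 10-year root, 2-year user PKC, 30-day ACs derived from the user PKC."""
    root = PublicKeyCert(1, "Example CA", day(0), day(3650), issuer_serial=None)
    alice = PublicKeyCert(2, "alice", day(0), day(730), issuer_serial=1)
    pkcs = {c.serial: c for c in (root, alice)}
    acs = [
        AttributeCert(100, 2, {"role": "area-A-entry"}, day(0), day(30)),
        AttributeCert(101, 2, {"role": "file-X-read"}, day(20), day(50)),
    ]
    return pkcs, acs


def revoke(pkcs: Dict[int, PublicKeyCert], serial: int) -> None:
    """Mark a PKC revoked; every element derived from it (directly or via the chain) becomes invalid."""
    pkcs[serial].revoked = True


if __name__ == "__main__":
    pkcs, acs = build_sample()
    print("before revocation:", [ac_valid(pkcs, ac, day(25)) for ac in acs])
    revoke(pkcs, 1)  # the root itself becomes invalid
    print("after root revocation:", [ac_valid(pkcs, ac, day(25)) for ac in acs])
    print("must be regenerated:", acs_needing_regeneration(pkcs, acs, day(25)))
```

Revoking either the root (serial 1) or the user certificate (serial 2) invalidates both attribute certificates while they are in term; by day 40 the first attribute certificate has expired on its own and only the second still needs reissuing, which is the effect the specification relies on when it calls the regeneration impact small.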